0007832: msfconsole Bug, Metasploit bug issue - Kali Linux Bug Tracker

ID	Project	Category	View Status	Date Submitted	Last Update

0007832	Kali Linux	Kali Package Bug	public	2022-08-02 13:38	2022-08-19 10:59

Reporter	sumit1101	Assigned To	g0tmi1k
Priority	normal	Severity	major	Reproducibility	always
Status	closed	Resolution	no change required
Product Version	2022.2

Summary	0007832: msfconsole Bug, Metasploit bug issue
Description	Metasploit tip: You can pivot connections over sessions started with the ssh_login modules msf6 > search exploit/multi/handler Matching Modules Name Disclosure Date Rank Check Description 0 exploit/linux/local/apt_package_manager_persistence 1999-03-09 excellent No APT Package Manager Persistence 1 auxiliary/scanner/http/apache_mod_cgi_bash_env 2014-09-24 normal Yes Apache mod_cgi Bash Environment Variable Injection (Shellshock) Scanner 2 exploit/linux/local/bash_profile_persistence 1989-06-08 normal No Bash Profile Persistence 3 exploit/linux/local/desktop_privilege_escalation 2014-08-07 excellent Yes Desktop Linux Password Stealer and Privilege Escalation 4 exploit/multi/handler manual No Generic Payload Handler 5 exploit/windows/mssql/mssql_linkcrawler 2000-01-01 great No Microsoft SQL Server Database Link Crawling Command Execution 6 exploit/windows/browser/persits_xupload_traversal 2009-09-29 excellent No Persits XUpload ActiveX MakeHttpRequest Directory Traversal 7 exploit/linux/local/yum_package_manager_persistence 2003-12-17 excellent No Yum Package Manager Persistence Interact with a module by name or index. For example info 7, use 7 or use exploit/linux/local/yum_package_manager_persistence msf6 > use 4 [] Using configured payload generic/shell_reverse_tcp msf6 exploit(multi/handler) > set payload android/multi/handler [-] The value specified for payload is not valid. msf6 exploit(multi/handler) > set payload android/meterpreter/reverse_tcp payload => android/meterpreter/reverse_tcp msf6 exploit(multi/handler) > set lhost 172.28.83.28 lhost => 172.28.83.28 msf6 exploit(multi/handler) > set lport 3390 lport => 3390 msf6 exploit(multi/handler) > options Module options (exploit/multi/handler): Name Current Setting Required Description Payload options (android/meterpreter/reverse_tcp): Name Current Setting Required Description LHOST 172.28.83.28 yes The listen address (an interface may be specified) LPORT 3390 yes The listen port Exploit target: Id Name 0 Wildcard Target msf6 exploit(multi/handler) > run [-] Handler failed to bind to 172.28.83.28:3390:- - [-] Handler failed to bind to 0.0.0.0:3390:- - [-] Exploit failed [bad-config]: Rex::BindFailed The address is already in use or unavailable: (0.0.0.0:3390). [] Exploit completed, but no session was created. msf6 exploit(multi/handler) >
Steps To Reproduce	Metasploit tip: You can pivot connections over sessions started with the ssh_login modules msf6 > search exploit/multi/handler Matching Modules Name Disclosure Date Rank Check Description 0 exploit/linux/local/apt_package_manager_persistence 1999-03-09 excellent No APT Package Manager Persistence 1 auxiliary/scanner/http/apache_mod_cgi_bash_env 2014-09-24 normal Yes Apache mod_cgi Bash Environment Variable Injection (Shellshock) Scanner 2 exploit/linux/local/bash_profile_persistence 1989-06-08 normal No Bash Profile Persistence 3 exploit/linux/local/desktop_privilege_escalation 2014-08-07 excellent Yes Desktop Linux Password Stealer and Privilege Escalation 4 exploit/multi/handler manual No Generic Payload Handler 5 exploit/windows/mssql/mssql_linkcrawler 2000-01-01 great No Microsoft SQL Server Database Link Crawling Command Execution 6 exploit/windows/browser/persits_xupload_traversal 2009-09-29 excellent No Persits XUpload ActiveX MakeHttpRequest Directory Traversal 7 exploit/linux/local/yum_package_manager_persistence 2003-12-17 excellent No Yum Package Manager Persistence Interact with a module by name or index. For example info 7, use 7 or use exploit/linux/local/yum_package_manager_persistence msf6 > use 4 [] Using configured payload generic/shell_reverse_tcp msf6 exploit(multi/handler) > set payload android/multi/handler [-] The value specified for payload is not valid. msf6 exploit(multi/handler) > set payload android/meterpreter/reverse_tcp payload => android/meterpreter/reverse_tcp msf6 exploit(multi/handler) > set lhost 172.28.83.28 lhost => 172.28.83.28 msf6 exploit(multi/handler) > set lport 3390 lport => 3390 msf6 exploit(multi/handler) > options Module options (exploit/multi/handler): Name Current Setting Required Description Payload options (android/meterpreter/reverse_tcp): Name Current Setting Required Description LHOST 172.28.83.28 yes The listen address (an interface may be specified) LPORT 3390 yes The listen port Exploit target: Id Name 0 Wildcard Target msf6 exploit(multi/handler) > run [-] Handler failed to bind to 172.28.83.28:3390:- - [-] Handler failed to bind to 0.0.0.0:3390:- - [-] Exploit failed [bad-config]: Rex::BindFailed The address is already in use or unavailable: (0.0.0.0:3390). [] Exploit completed, but no session was created. msf6 exploit(multi/handler) >
Additional Information	Metasploit tip: You can pivot connections over sessions started with the ssh_login modules msf6 > search exploit/multi/handler Matching Modules Name Disclosure Date Rank Check Description 0 exploit/linux/local/apt_package_manager_persistence 1999-03-09 excellent No APT Package Manager Persistence 1 auxiliary/scanner/http/apache_mod_cgi_bash_env 2014-09-24 normal Yes Apache mod_cgi Bash Environment Variable Injection (Shellshock) Scanner 2 exploit/linux/local/bash_profile_persistence 1989-06-08 normal No Bash Profile Persistence 3 exploit/linux/local/desktop_privilege_escalation 2014-08-07 excellent Yes Desktop Linux Password Stealer and Privilege Escalation 4 exploit/multi/handler manual No Generic Payload Handler 5 exploit/windows/mssql/mssql_linkcrawler 2000-01-01 great No Microsoft SQL Server Database Link Crawling Command Execution 6 exploit/windows/browser/persits_xupload_traversal 2009-09-29 excellent No Persits XUpload ActiveX MakeHttpRequest Directory Traversal 7 exploit/linux/local/yum_package_manager_persistence 2003-12-17 excellent No Yum Package Manager Persistence Interact with a module by name or index. For example info 7, use 7 or use exploit/linux/local/yum_package_manager_persistence msf6 > use 4 [] Using configured payload generic/shell_reverse_tcp msf6 exploit(multi/handler) > set payload android/multi/handler [-] The value specified for payload is not valid. msf6 exploit(multi/handler) > set payload android/meterpreter/reverse_tcp payload => android/meterpreter/reverse_tcp msf6 exploit(multi/handler) > set lhost 172.28.83.28 lhost => 172.28.83.28 msf6 exploit(multi/handler) > set lport 3390 lport => 3390 msf6 exploit(multi/handler) > options Module options (exploit/multi/handler): Name Current Setting Required Description Payload options (android/meterpreter/reverse_tcp): Name Current Setting Required Description LHOST 172.28.83.28 yes The listen address (an interface may be specified) LPORT 3390 yes The listen port Exploit target: Id Name 0 Wildcard Target msf6 exploit(multi/handler) > run [-] Handler failed to bind to 172.28.83.28:3390:- - [-] Handler failed to bind to 0.0.0.0:3390:- - [-] Exploit failed [bad-config]: Rex::BindFailed The address is already in use or unavailable: (0.0.0.0:3390). [] Exploit completed, but no session was created. msf6 exploit(multi/handler) >

arnaudr 2022-08-03 15:23 manager ~0016486	If you're connected over rdp, it's likely port 3390 is already in use and that's why it can't bind to it

g0tmi1k 2022-08-19 10:59 administrator ~0016605	This isn't a bug in the software or package. This error is because you already have something listenning on that port (maybe even inside of msf). You need to stop the service thats using that port, or switch to a different one. May want to look into background tasks

Date Modified	Username	Field	Change
2022-08-02 13:38	sumit1101	New Issue
2022-08-02 13:48	arnaudr	Relationship added	has duplicate 0007831
2022-08-03 15:23	arnaudr	Note Added: 0016486
2022-08-19 10:59	g0tmi1k	Assigned To	=> g0tmi1k
2022-08-19 10:59	g0tmi1k	Status	new => closed
2022-08-19 10:59	g0tmi1k	Resolution	open => no change required
2022-08-19 10:59	g0tmi1k	Note Added: 0016605